ISOC-NY NOTICE BOARD

IETF 79 Rough Guide Follow-up #ietf @InternetSociety

In November 2010, we published the Rough Guide to IETF 79’s Hot Topics. Here now is the follow up to the meetings highlighted in that guide.

For IETF 79, which was held in Beijing, China, we focused our attention on working groups, BoFs, plenaries, and other events in the following broad categories:

• Common and Open Internet
• Global Addressing
• Security and Stability
• Trust and IDentity

In addition to these categories, a session of general interest to those who participate in IETF activities was:
iddtspec (Review of Datatracker Specifications to Follow Internet-Draft Activities) BoF

The goal of this BOF was to review specifications for Datatracker enhancements that allow IETF Participants to easily follow the activities associated with particular Internet-Drafts. This is an IETF “meta-level” session — the output of this discussion will help frame how the operational work of IETF participants is supported, going forward. The current datatracker tool is accessible here: https://datatracker.ietf.org/ . It provides an index of finalized and in-progress documents, as well as an overview of IESG comments and positions on document review.

Outcomes

• No standing WG formed, but draft is under continued discussion:

http://tools.ietf.org/html/draft-ietf-genarea-datatracker-community-04

Proceedings, including minutes:  http://www.ietf.org/proceedings/79/iddtspec.html

————–

The Internet Society (ISOC) also held another expert panel “Handheld, Wireless, and Open: Priorities for the Mobile Future Internet” that gathered experts to discuss the increased use of wide-area wireless networks by traditional desktop, laptop computers, and all shapes and sizes of mobile devices, to access the Internet, as well as the challenges and opportunities this presents for the development of a future Internet. Details are at:

http://www.isoc.org/isoc/conferences/mobility/

Looking ahead, the final preparations are underway for IETF 80, in Prague, Czech Republic, 27 March to 1 April 2011, so we will soon be bringing you a guide to the expected highlights of that meeting.

_____________________________________
Common and Open Internet
As P2P and VoIP technologies become more prevalent, and network usage patterns sometimes deviate from their architects’ expectations, managing bandwidth to allow best use for customers becomes an increasingly important topic.
_____________________________________

behave WG

The behave WG is chartered to create documents that describe how network address translation devices (NATs) can work in as deterministic a way as possible. Much of its current work is focussed on transition techniques for IPv4 to IPv6 that involve NAT64 and DNS64.

Outcomes:

• Ongoing discussions of various NAT techniques
• NAT444 problems are being analyzed and coping mechanisms are being discussed; there seems to be a consensus that this will produce a new round of problems for the Internet as large-scale NATs (LSNs) are deployed.

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/behave.html

————–

conex (Congestion Exposure) WG
The conex WG is concerned with exposing the congestion on the forward path of a flow to the network elements along that path. The mechanism will provide a ‘building block’ for ISPs and application developers to better share available capacity between users and competing applications in the presence of congested bottleneck links. The WG is defining use-cases for the mechanism as well as an abstract mechanism specification and a concrete implementation for IPv6 networks.

Outcomes:

• Work continues to refine the use cases for this mechanism
• Lack of space in the IPv6 header for encoding conex information is a serious impediment to the work of this group at present.

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/conex.html

————–

ippm (IP Performance Metrics) WG

The IPPM WG has developed a set of standard metrics that can be applied to the quality, performance, and reliability of Internet data delivery services. These metrics are designed such that they can be performed by network operators, end users, or independent testing
groups.

Outcomes:

• Continued progress towards chartered milestones

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/ippm.html

————–

ledbat (Low Extra Delay Background Transport) WG
The ledbat WG is defining a congestion control algorithm that automatically yields to TCP in the presence of congested bottleneck links. It is delay-based, as opposed to TCP’s loss-based algorithm and is beneficial for bulk-transfer applications that are not time-critical such as P2P file sharing. The WG is nearing completion, and is now fine-tuning the specification in light of simulation results.

Outcomes:

• Final actions agreed to bring about closure of working group soon

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/ledbat.html

_____________________________________
Global Addressing
There is steadily increasing momentum to deploy IPv6 as the IPv4 address pool approaches depletion. While much work is ongoing to support interoperability in coexisting IPv4 and IPv6 network environments, there are also interesting developments in emerging IPv6 environments.
_____________________________________

6lowpan (IPv6 Over Low Power Networks) WG

The 6lowpan working group is specifying standards to operate IPv6 over networks with small devices, low power, and lossy transmission. The main focus of the working group has been the specification of a version of IPv6 neighbor discovery that will work in these kinds of environments.

Outcomes:

• progress continues on 6ND; it is very close to completion
• working group last call was in progress for use cases

Proceedings, including minutes: http://www.ietf.org/proceedings/79/6lowpan.html

————–

armd (Address Resolution for Massive amount of hosts in cloud/internet Data center) BoF

This is an INT Area BoF to look at challenges that clusters of virtualized machines (VMs) and clouds can face in basic switching architectures. The particular import is in how these types of hosts are impacted by, and may impact, networking requirements.

Outcomes

• Much discussion about whether this is, in fact, different from other large-scale situations already encountered
• General conclusion — work is interesting, but further definition of WG needed before there is something charterable

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/armd.html

————–

pcp (Port Control Protocol) WG
The PCP working group is chartered to standardize a client/server Port Control Protocol (PCP) to enable an explicit dialog with a middlebox such as a NAT or a firewall to open up and/or forward TCP or UDP port, regardless of the location of that middlebox. Today, an end host behind a CPE NAT is able to use UPnP or NAT-PMP to open an inbound port on the NAT for applications that require such a port to operate, e.g. P2P or VoIP. In the presence of a centralised ‘carrier-grade’ NAT, such protocols will fail to operate, hence the desire for PCP. This work is enabling technology for Internet operators to continue providing IPv4 Internet service after the IPv4 free-pool of addresses is depleted.

Outcomes:

• Work is progressing rapidly with interim meetings scheduled.

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/pcp.html

————–

v6ops (IP v6 Operations) WG

The v6ops working group continues to work on specifications relating to IPv6 operational issues in IPv6 deployments. One of the issues of IPv6 deployment is that sometimes IPv6 appears to be available, but due to configuration or connectivity problems, the latencies are so high as to make it unusable. There was a long discussion of whether or not an address prefix should be allocated for shared address space in the middle segment in carrier grade NAT deployments.

Outcomes:

• A new proposal called “Happy Eyeballs” aims to specify functionality that allows detecting and avoiding unusable (due to configuration or connectivity problems) IPv6 connectivity where better IPv4 connectivity is also possible.
•  A proposal for allocating an prefix allocation for shared address space in the middle segment of carrier grade NAT deployments was dropped due to lack of support for proposed scenarios.

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/v6ops.html

_____________________________________
Security and Stability
Securing the DNS and greater assurance in routing is critical for the ongoing expansion and evolution of the Internet in all areas of our societies and economies.
_____________________________________

karp (Keying and Authentication for Routing Protocols) WG

The karp WG is focused on improving the state of authentication in all the Internet routing protocols. Many routing protocol deployments, if they use authentication at all, are using older cryptographic algorithms and missing some modern security mechanisms, like replay protection, algorithm agility, or key rollover. In addition, many use the same key permanently. This meeting focused on progressing two of the three foundational documents (the third is on hold for the moment). These documents form the basis for all subsequent karp wg efforts. Additionally, the working group discussed a database of long-lived cryptographic keys, an operations model for router keying, and multicast router key management.

Outcomes:

• Key foundational documents (threats and design guide) making progress
• Discussions initiated on several topics including multicast routing protocols, an operations model, and automated security association management.

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/karp.html

————–

dane (DNS-based Authentication of Named Entities) WG
(was kidns (Cryptographically Secured Communication by Using Information in the DNS) BoF)
This new WG is chartered to specify mechanisms and techniques that allow Internet applications to establish cryptographically secured communications by using information distributed through DNSSEC for discovering and authenticating public keys which are associated with a service located at a domain name.

Outcomes:

• Working Group is chartered, lots of proposals on the table

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/dane.html

————–

sidr (Secure Inter-Domain Routing) WG

The sidr WG is focused on securing inter-domain routing by developing Resource PKI (RPKI). RPKI adds an authentication framework to BGP and is going to require a certificate management infrastructure. The primary focus of this meeting was getting the core set of documents published. This is a key technology for improving trust in the routing infrastructure.

Outcomes:

• Several core documents ready for Working Group Last Call.
• New working group drafts on Local Trust Anchor Management and Algorithm Agility

Proceedings, including minutes:
http://www.ietf.org/proceedings/79/sidr.html

————–

WEBSEC
Web Security (Active WG)

————————————
With the arrival of new attacks the introduction of new web security indicators, security techniques, and policy communication mechanisms have sprinkled throughout the various layers of the Web and HTTP. The goal of this working group is to compose an overall “problem statement and requirements” document derived from surveying the issues outlined in the above section Additionally, the WG will standardize a small number of selected specifications that have proven to improve security of Internet Web applications.

Outcomes:

• Active discussions at the IETF 79 meeting included a review of the Strict Transport draft and an open discussion on using DNSSEC for Strict Transport. Several documents are also moving to last call following the meeting.
• The group also discussed next steps to advance the Requirements document.

Proceedings: http://www.ietf.org/proceedings/79/websec.html

_____________________________________
Trust and identity
As public concerns increase about security of infrastructure, privacy, trust, and identity on the Internet, these themes recur in several working group discussions.
_____________________________________

abfab (Application Bridging for Federated Access Beyond Web) WG

This working group will specify a federated identity mechanism for use by other Internet protocols not based on HTML/HTTP, such as for instance IMAP, XMPP, SSH and NFS. The design will combine existing protocols, specifically the Extensible Authentication Protocol (EAP – RFC 3748), Authentication, Authorization and Account Protocols (RADIUS – RFC 2865 and Diameter – RFC 3588), and the Security Assertion
Markup Language (SAML).

Outcomes: This was the first official WG meeting and the agenda included a brief history of the issues, a review of the proposed architecture, and discussion of the relationship of Project Moonshot to the broader abfab agenda.

Proceedings: http://www.ietf.org/proceedings/79/abfab.html
See also: http://www.project-moonshot.org/aggregator

————–

oauth (Open Authentication Protocol) WG

OAuth allows a user to grant a third-party website or application access to their resources, without necessarily revealing their credentials, or even their identity. While there was not an official meeting at IETF 79, there were two side meetings: an OAuth tutorial session, and a Security considerations BoF. Several individuals volunteers to advance a security considerations document for IETF 80. Additional details can be found here:

http://www.ietf.org/registration/MeetingWiki/wiki/79bofs

Proceedings: http://www.ietf.org/proceedings/79/oauth.html

————–

scap (Secure Content Automation Protocol) BoF

Synergy of SCAP Program and IETF Activities

There was an informational session to help coordinate future work.

Proceedings: http://www.ietf.org/proceedings/79/scap.html

==================================================================